Loading...

Assign an existing User-Assigned Managed Identity to VM from another subscription using Azure Policy

Assign an existing User-Assigned Managed Identity to VM from another subscription using Azure Policy

Azure provides a comprehensive list of built-in policy definitions (grouped by the category property defined in the metadata) which are owned and maintained by Microsoft (where the azure-policy repository contains the direct representation of these).

 

Built-in policy definitions usually cover a specific scenario although some flexibility might be provided through parameters that can be configured. However, customers might have specific needs not covered by an available built-in policy definition and a custom policy definition might be needed.

 

As a rule of thumb, if there is a built-in policy definition that covers part of a scenario, a custom policy definition can be created based on it introducing the necessary modifications.

 

Let’s take into consideration the [Preview]: Assign Built-In User-Assigned Managed Identity to Virtual Machines built-in policy definition that creates and assigns a built-in user-assigned managed identity or assigns a pre-created user-assigned managed identity at scale to virtual machines. This currently provides the user-assigned managed identity name and resource group name as parameters expecting that it is on the same subscription as the virtual machine resource. However, in a scenario where the pre-created user-assigned managed identity exists in a different subscription from the virtual machine resource, a custom policy definition is required.

 

Before creating a custom policy, it is worth checking both the Azure Policy Samples as well as the Community Policy Repository to see whether a policy definition that matches your needs already exists. Coming back to the user-assigned managed identity assignment to virtual machines where the pre-created user-assigned managed identity exists in a different subscription from the virtual machine resource scenario, a custom policy definition is available here where the user assigned managed identity resource URI (which contains the subscription ID) is provided as a parameter.

Published on:

Learn more
Azure PaaS Blog articles
Azure PaaS Blog articles

Azure PaaS Blog articles

Share post:

Related posts

Fabric Mirroring for Azure Cosmos DB: Public Preview Refresh Now Live with New Features

We’re thrilled to announce the latest refresh of Fabric Mirroring for Azure Cosmos DB, now available with several powerful new features that e...

1 day ago

Power Platform – Use Azure Key Vault secrets with environment variables

We are announcing the ability to use Azure Key Vault secrets with environment variables in Power Platform. This feature will reach general ava...

1 day ago

Validating Azure Key Vault Access Securely in Fabric Notebooks

Working with sensitive data in Microsoft Fabric requires careful handling of secrets, especially when collaborating externally. In a recent cu...

1 day ago

Azure Developer CLI (azd) – May 2025

This post announces the May release of the Azure Developer CLI (`azd`). The post Azure Developer CLI (azd) – May 2025 appeared first on ...

1 day ago

Azure Cosmos DB with DiskANN Part 4: Stable Vector Search Recall with Streaming Data

Vector Search with Azure Cosmos DB  In Part 1 and Part 2 of this series, we explored vector search with Azure Cosmos DB and best practices for...

2 days ago

General Availability for Data API in vCore-based Azure Cosmos DB for MongoDB

Title: General Availability for Data API in vCore-based Azure Cosmos DB for MongoDB We’re excited to announce the general availability of the ...

2 days ago

Efficiently and Elegantly Modeling Embeddings in Azure SQL and SQL Server

Storing and querying text embeddings in a database it might seem challenging, but with the right schema design, it’s not only possible, ...

2 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy